Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

6. Configure the AAAprofile parameters according to your particular use case (refer to Table 11 below for AAA

profile parameter details).

Table 11: Configuring AAAProfile Parameters

AAA Profile

Parameter

Action/Description Comments

Initial role

1. Click the Initial Role drop-down list and

select a role for unauthenticated users.

The default role for unauthenticated

users is logon.

MAC

Authentication

Default Role

2. Click the MAC Authentication Default

Role drop-down list and select the role

assigned to the user when the device is

MAC authenticated.

The default role for MAC authentication

is the guest user role. If derivation rules

are present, the role assigned to the

client through these rules takes

precedence over the default role.

NOTE: This feature requires a Policy

Enforcement Firewall Next Generation

(PEFNG) license.

Download Role

from CPPM

3. Enable the Download Role from CPPM

option.

When you enable this option, the configured

ClearPass/RADIUS server provides the role

name at user authentication.

The authenticator controller can request

the role details if the role does not exist.

Users are then assigned to the newly-

defined role.

Layer-2

Authentication Fail

Through

4. Enable this option to enable the L2-

authentication-failthrough mode.

l When this option is enabled, the 802.1X

authentication is allowed even if MAC

authentication fails.

l If this option is disabled, 802.1X

authentication is not allowed.

L2-authentication-failthrough mode is

disabled by default.

User idle timeout

5. Select the Enable check box to configure

the user idle timeout value for this AAA

profile.

a. Specify the idle timeout value for the

client in the number of seconds.

Enabling this option overrides the global

settings configured in the AAA timers.

l If this is disabled, the global settings

are applied.

l Range: 30 to 15300 in multiples of 30

seconds.

l A value of 0 deletes the user

immediately after disassociation from

the wireless network.

Max IPv4 for

wireless user

6. Specify the number of IPv4 addresses that

can be associated to a wireless user.

Inter-controller mobility does not support

more than two IP addresses per wireless

user.

l Minimum: 1

l Maximum: 32

l Default: 2

Dell Networking W-ClearPass Deployment Guide

Preparing the Mobility Controller for W-ClearPass PolicyManager Integration

| 77